21st September 2009
Albright
Port Guard
 
Join Date: Apr 2009
Posts: 14

That's not a terrible idea, but unfortunately I don't have /home on a separate partition and don't have the luxury of being able to repartition at the moment. (And there's some interesting discussion about the efficacy of noexec I found in this thread on the freebsd-security mailing list - see this post specifically.)

Though I've been thinking… If users don't have shell access, then they can't really run applications, right? The real concern here is that they upload a PHP script and set it executable, then try to access that script in a web browser so that the web server passes it to the PHP interpreter and it gets executed. But what if I simply configure the web server so that it never tries to execute files in user directories? That way, trying to access it simply causes it to be passed through to the user as if it were a text file. That might be all I need.
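An added example, not part of the original post: one way to configure what the post describes, assuming Apache httpd with mod_php and user web roots under /home/*/public_html. The post names neither the web server nor the paths, so both are assumptions.

```apache
# Assumptions (not stated in the post): Apache httpd with mod_php loaded,
# and per-user sites living in /home/<user>/public_html.
<Directory "/home/*/public_html">
    # Turn the PHP engine off for this tree. mod_php then declines the
    # request and Apache's default handler sends the file's bytes as-is.
    # The php_admin_* form cannot be overridden from a user's .htaccess.
    php_admin_flag engine off

    # Do not run CGI programs or server-side includes from user directories.
    Options -ExecCGI -Includes

    # Users can upload files, including .htaccess. Ignore those files so
    # an uploaded one cannot re-enable a handler or change these options.
    AllowOverride None

    # Label script files as plain text so a browser displays the source
    # instead of treating it as a download of an unknown type.
    <FilesMatch "\.(php[0-9]?|phtml|phps)$">
        ForceType text/plain
    </FilesMatch>
</Directory>
```

Run `apachectl configtest` before reloading; the `php_admin_flag` line is a syntax error if mod_php is not loaded.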